I've been managing our company's server-farmed webserver from my workstation via internet for long enough that it will be easy to miss out on the new capabilities offered by combining Win7 and Server08 simply because I've got a system that works.

But it's always nice to make stuff work better.

I've been reading about major advances in VPNing when a Win7 client connects to a WinServer08 box. I'm not clear if all improvements are contained within the product called 'DirectAccess', which is intranet-oriented, or not. Since I'm not dealing with an intranet, I'm not sure where to look for possible enhancements I can actually take advantage of.

The question boils down to which rabbit holes should I be looking to for enhanced connectivity features that avoid the complexity of conventional (MS-based) VPN configurations?

The requirements suggest the need for two physical interfaces, from what I can tell, one being publicly facing and another facing a private or intranet, which is not something your server is really associated with, so I don't see how this feature would be usable. There would be no IPv6 support on the standard internal networking feature we offer to you, and you'd need multiple systems on that internal network system to make use of it.

Additionally, all servers are assigned 1 single IP by default, and we cannot offer a consecutive IP address for the public-facing network interface, unless you use a private VLAN or if this system will properly work with the secondary IP allocation method we typically use.

We also do not offer support for Active Directory and the network configuration is not designed with operating an AD forest at this time.

3 Answers
3

DirectAccess requires use of IPv6, from end to end, so there are a lot of infrastructure prerequisites in the real world. It's not an intranet-based solution but is meant for VPN-less direct access of resources from the protected internal network. It also requires the Windows 2008 R2 version on the back end (with W7 clients).

I would be tempted to set up an SSL VPN using something like OpenVPN. It "just works" and can be run as a service (both client and server ends), available (for example) before user logon.

You could terminate the VPN at your end either on a single machine, or if you like you could terminate the VPN connection on a box inside your LAN and bridge it, so that the colo box would appear as if it was on your LAN (getting a private IP from your DHCP server, Windows file and print sharing working, etc.).

In the 'just works' department - have you spent any time with Hamachi? Not free for commercial use anymore but reasonable enough for a few workstations.
– justSteve Jul 26 '09 at 11:12

I've not, but I was under the impression that it drops the connection when the user logs off Windows, right? OpenVPN works well as a Windows service, which I think would be more appropriate in this scenario.
– tomfanning Jul 26 '09 at 14:38
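
The bridged layout described in the OpenVPN answer above, written out as a pair of configuration files. This is an added example, not part of the original thread. It assumes a current OpenVPN release, certificates already issued by your own CA, and UDP 1194 forwarded to the LAN endpoint; the host name, file names and adapter name are placeholders.

```conf
# ---- server.ovpn : VPN endpoint on a machine inside the office LAN ----
# Constructed example; file names, adapter name and host name are placeholders.
port 1194
proto udp
dev tap                      # layer-2 tunnel, needed for bridging
dev-node "OpenVPN-TAP"       # Windows: the TAP adapter that is bridged with the LAN NIC
server-bridge                # DHCP-proxy mode: clients lease addresses from the LAN's DHCP server
ca ca.crt
cert lan-endpoint.crt
key lan-endpoint.key
dh dh2048.pem
tls-auth ta.key 0            # drop packets lacking the shared HMAC before any TLS handshake
tls-version-min 1.2
remote-cert-tls client       # peer must present a client certificate
keepalive 10 120
persist-key
persist-tun
verb 3

# ---- client.ovpn : the colo server, started by the OpenVPN Windows service ----
# Placed in the service's config directory so the tunnel is up before any user logs on.
client
dev tap
proto udp
remote vpn.example.com 1194  # placeholder: office public address forwarding UDP 1194
resolv-retry infinite
nobind
ca ca.crt
cert colo-server.crt
key colo-server.key
tls-auth ta.key 1
tls-version-min 1.2
remote-cert-tls server       # refuse peers that do not present a server certificate
persist-key
persist-tun
verb 3
```

Because the tunnel is layer 2, the colo box becomes a full member of the LAN broadcast domain, so the private keys on both ends and the Windows firewall profile applied to the TAP adapter need the same care as any machine physically on that LAN.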